ClawHub

PwnClaw Security Scan

v1.0.0

Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.

2· 1.2k·8 current·8 all-time
by@gemini2027

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gemini2027/pwnclaw-security-scan.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PwnClaw Security Scan" (gemini2027/pwnclaw-security-scan) from ClawHub.
Skill page: https://clawhub.ai/gemini2027/pwnclaw-security-scan
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install gemini2027/pwnclaw-security-scan

ClawHub CLI

Package manager switcher

npx clawhub@latest install pwnclaw-security-scan
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent security scanner) match the SKILL.md. The instructions and endpoints all relate to running external security tests; no unrelated binaries, credentials, or capabilities are requested.
Instruction Scope
Instructions primarily guide a human to use the external PwnClaw service or to run a token-based self-test via the service's API. This is appropriate for a remote scanning service, but the instructions do recommend (a) allowing the service to send attacks to your agent endpoint (automatic mode) and (b) adding generated rules to your system prompt — both of which require careful human review before enabling in production.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk and there is no package installation risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for an instruction-only wrapper around an external scanning service.
Persistence & Privilege
The skill is not marked always:true and does not request persistent privileges. It does recommend adding fix rules to the system prompt, but that is an action for the human operator (not an automatic install).
Assessment
This skill is internally consistent, but it relies on an external service. Before using: verify the PwnClaw website and the linked GitHub repo yourself; prefer human-mediated/manual testing or a sandboxed agent endpoint for initial runs; never give the service access to sensitive production endpoints or credentials; review any system-prompt rules generated by the service before applying them permanently; and limit scope/privileges when running tests (use staging agents or explicit test tokens). If you need higher assurance, inspect the public GitHub source or run the service in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dbz8d67arcewna0f9nkw3eh80tknf
1.2kdownloads
2stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@gemini2027
latest
Download

PwnClaw Security Scan

Test your AI agent against 112 real-world attacks across 14 categories. Get a security score and actionable fix instructions.

What It Tests

  • Prompt Injection & Indirect Injection
  • Jailbreaks & Refusal Bypass
  • Social Engineering & Sycophancy
  • Data Exfiltration & Agency Hijacking
  • MCP/Tool Poisoning
  • Memory Poisoning
  • Multi-Agent & Multi-Turn Attacks
  • Privilege Escalation & Obfuscation

How To Use

Option 1: Tell Your Human

Ask your human to visit https://www.pwnclaw.com and run a free security scan:

  1. Sign up at https://www.pwnclaw.com (free tier available)
  2. Start a new test in the dashboard
  3. Enter the agent's URL or use manual mode
  4. Review results and apply the fix instructions to your system prompt

Option 2: Self-Test (Manual Mode)

If your human starts a test and gives you the test token, you can run it yourself:

  1. GET https://www.pwnclaw.com/api/test/{token} → get the next prompt
  2. POST https://www.pwnclaw.com/api/test/{token} with { "response": "your answer" } → submit and get next
  3. Repeat until status is "completed"
  4. Results are in the dashboard

Option 3: Automatic Mode (Recommended)

If your agent has an HTTP endpoint, your human just enters the URL in PwnClaw. PwnClaw sends attacks directly — no scripting needed.

Plans

PlanScansAttacksPrice
Free3/month15 per scan$0
Pro30/month50 per scan€29/mo
TeamUnlimited50 per scan€99/mo

After The Test

PwnClaw generates specific security rules based on your vulnerabilities. Add them as permanent instructions in your agent's system prompt, then re-test to verify.

Links

Comments

Loading comments...